Catch credential needed with NSTask and rsync

Question

Fist post for a french developer! I'm trying to create a simple synchronization using rsync and objective-c. So I used NSTask like that :

NSTask *task = [[NSTask alloc] init];
[task setLaunchPath:@"/usr/bin/rsync"];
NSArray* args = [NSArray arrayWithObjects:@"-av", @"/Users/BiB1/Documents/test/", @"login@ftp.myserver.net:~/test/", nil];
NSDictionary* env = [NSDictionary dictionaryWithObject:<#(id)object#> forKey:<#(id)key#>
[task setArguments:args];
NSPipe *outPipe = [[NSPipe alloc] init];
[task setStandardOutput:outPipe];
[outPipe release];
[task launch];

NSData *data = [[outPipe fileHandleForReading] readDataToEndOfFile];
[task waitUntilExit];

int status = [task terminationStatus];
[task release];
if(status != 0)
{
    NSDictionary *eDict = [NSDictionary dictionaryWithObject:@"Sync impossible" forKey:NSOSStatusErrorDomain];
    NSError *outError   = [NSError errorWithDomain:NSOSStatusErrorDomain code:0 userInfo:eDict];

    NSLog(@"EDICT : %@",eDict);
    NSLog(@"ERROR : %@",outError);
}

NSString *aString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
[self.textField setStringValue:aString];

[aString release];

In the terminal the command work fine but I have a request for the password. And in NSTask I don't have this request.

So my question is, there is a method for catching crendential needed, or is it possible to set password as parameter or something else.

Thanks by advance.

BiB1

Answer 1

from the rsync man page:

Some modules on the remote daemon may require authentication. If so, you will receive a password prompt when you connect. You can avoid the password prompt by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option. This may be use- ful when scripting rsync.

WARNING: On some systems environment variables are visible to all users. On those systems using --password-file is recommended.

Answer 2

As far as I know the only way to do this is to create a separate program to supply the password (ie an "Askpass" program) and to set the environment variable SSH_ASKPASS. I've written up a set of instructions on how to do this here

http://www.mudflatsoftware.com/blog/2010/01/wrapping-rsync-or-ssh-in-an-nstask/

and a source code example here.

http://bitbucket.org/iracooke/ssh-nstask

Although the examples are for ssh, they also apply to rsync. I use this myself and it works pretty well although it's somewhat complicated to setup.

Answer 3

I find the best way to avoid passwords is to use certificates with SSH/rsync. This is my call to rsync:

rsync -azvr --stats --rsh="ssh -p${ssh port} -i /path/to/certificate/key" ${source} ${destination}

the important part is:

--rsh="ssh -p${ssh port} -i /path/to/certificate/key"

-i specifies a certificate as an identity to prove who you are and 'log in' automatically.

this certificate is generated by calling:

ssh-keygen -t rsa -b 2048 -f key

where your backing up from and then putting the key is a specific place on the destination

run this script (which requires the script below) from where you will store your certificate with parameter ip of the server and port number for ssh
(eg ./setup.sh //192.168.1.22 23024)

echo "generate key"
ssh-keygen -t rsa -b 2048 -f key
echo "push key to server"
rsync -avz --rsh="ssh -p$2" key.pub $1:~/.ssh/key.pub
echo "put key in authorized_keys on server"
ssh -p$2 $1 'bash -s' < ../remote.sh

you will need this script stored in the same location, named 'remote.sh'

#!/bin/bash

mkdir .ssh
cd .ssh
cat key.pub > authorized_keys

exit

the script will require the username and password once, but from then on rsync will use the certificate as your credentials.

key is the private certificate and kept on your computer used to sign outgoing data

key.pub is the public certificate and is kept on any computer used to check the signed data and confirm it is from you.

.ssh is a special folder in your home directory to store certificates for use with ssh..

I hope this helps.